CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/14 5:30 a.m.•3 views

CVE-2025-15345

6.1CVSS6AI score0.00204EPSS

EUVD•added 2026/05/14 5:30 a.m.•4 views

EUVD-2025-209837

6.1CVSS6AI score0.00204EPSS

Vulnrichment•added 2026/05/14 5:30 a.m.•5 views

CVE-2025-15345 MapGeo - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting via 'map' Parameter

6.1CVSS6AI score0.00204EPSS

CNNVD•added 2026/05/14 12:0 a.m.•5 views

WordPress plugin MapGeo – Interactive Geo Maps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00204EPSS

Positive Technologies•added 2026/05/14 12:0 a.m.•10 views

PT-2026-40882

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt bb button shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00156EPSS

RedhatCVE•added 2026/05/13 2:21 p.m.•4 views

CVE-2026-7661

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS

RedhatCVE•added 2026/05/13 2:21 p.m.•7 views

CVE-2026-4920

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS6AI score0.00187EPSS

RedhatCVE•added 2026/05/13 2:21 p.m.•7 views

CVE-2026-6247

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00187EPSS

Patchstack•added 2026/05/13 12:20 p.m.•4 views

WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin ACF Extended versions = 0.9.2.3...

6.5CVSS5.8AI score0.00266EPSS

Exploits0References1Affected Software1

CVE•added 2026/05/13 7:44 a.m.•16 views

CVE-2025-14767

CVE-2025-14767 affects the WordPress plugin WPC Badge Management for WooCommerce (versions ≤ 3.1.6). The vulnerability is a Stored Cross-Site Scripting via the 'text' attribute of the wpcbm_best_seller shortcode, caused by insufficient input sanitization and output escaping. Authenticated attacke...

ATTACKERKB•added 2026/05/13 7:44 a.m.•3 views

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

Vulnrichment•added 2026/05/13 7:44 a.m.•3 views

CVE-2025-14767 WPC Badge Management for WooCommerce <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'text' Attribute

NVD•added 2026/05/13 5:16 a.m.•4 views

CVE-2026-6962

The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwccogproductcost' and 'algwccogproductprofit' shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization an...

6.4CVSS0.00193EPSS

EUVD•added 2026/05/13 4:26 a.m.•6 views

EUVD-2026-29898

6.4CVSS6AI score0.00193EPSS

Vulnrichment•added 2026/05/13 4:26 a.m.•3 views

CVE-2026-6962 Cost of Goods: Product Cost & Profit Calculator for WooCommerce <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS6AI score0.00193EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•6 views

PT-2026-40581

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbm best seller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

NVD•added 2026/05/12 11:16 p.m.•13 views

CVE-2025-15463

The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS0.00266EPSS

CVE•added 2026/05/12 10:24 p.m.•16 views

CVE-2025-15463

The CVE-2025-15463 entry concerns the Advanced Custom Fields: Extended WordPress plugin, affected versions up to 0.9.2.3. The vulnerability arises from code that executes do_shortcode without proper value validation, allowing unauthenticated attackers to execute arbitrary shortcodes. No public ex...

6.5CVSS6.2AI score0.00266EPSS

Cvelist•added 2026/05/12 10:24 p.m.•35 views

CVE-2025-15463 Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution

6.5CVSS0.00266EPSS